Firewall

On the Firewall page, you can configure traffic rules, block harmful access, and optimize your firewall security settings.

General Settings

In this section you can configure traffic routing, DNS settings, SSL/TLS configuration, and cache management to optimize website performance and security.

General Settings
Field Value

Traffic Routing

  • Enable CDN: Select this option to route traffic via SiteLock’s Content Delivery Network (CDN) for improved load times.

  • Enable Firewall: Select this option to enable SiteLock’s firewall, which provides robust security rules to protect the website from threats.

  • Temporarily bypass SiteLock’s network: Select this option to temporarily disable routing through SiteLock’s network if needed.

DNS Settings (Informational)

  • Original DNS: Provides a snapshot of the DNS records at the time the product was purchased. It includes the original IP addresses before SiteLock’s service was configured.

  • SiteLock DNS: Shows the DNS changes necessary to configure the firewall.

SSL Configuration Status

  • SSL certificate on your server: Indicates whether an SSL certificate is detected on the server.

  • SSL certificate on the firewall: Indicates whether an SSL certificate is installed on the firewall.

  • Source of SSL certificate: Shows the source of the SSL certificate (e.g. Network).

  • Upload Certificate: Opens a pop-up to upload a certificate file, a private key file, and a passphrase for the certificate. Accepted file formats are .pem, .cer, .cert, or .pfx for certificates and .key for private keys. SiteLock supports only 2048-bit certificates, and a custom uploaded certificate should cover both the apex domain and the 'www' subdomain.

Site IP Address

  • Site IP Address: Displays the IP address to which traffic will be routed. This can be changed if necessary.

  • Change IP: Changes the IP address. Changes can take up to 10 minutes to take effect.

Purge Cache

  • Purge all cache: Clears all cached content, which can be useful if significant changes to the site have been made and the user wants to ensure visitors see the latest version.

  • Purge specific resource: Clears cache for specific files. When selected, additional options are presented in a dropdown menu:

    • URL is: Purge cache for URLs that exactly match a specific string.

    • URL starts with: Purge cache for URLs that start with a specific string.

    • URL ends with: Purge cache for URLs that end with a specific string.

  • Value: Enter the specific URL or part of a URL that matches the selected pattern.

Functionality

  • Upload Certificate: Uploads a new SSL certificate.

  • Change IP: Updates the site IP address.

  • Purge Cache Now: Clears the cache based on the selected options.

Proactive Settings

In this section you can configure security settings related to blocking access from specific countries, URLs, and IP addresses to enhance website security.

Proactive Settings
Field Value

Blocked Countries

  • Import CSV: Import a CSV file of countries to block. List the countries using 2-digit country codes.

  • Export CSV: Export the list of blocked countries to a CSV file.

  • You can also select countries from a dropdown list or start typing a country name and press Enter to select it.

  • Click Save Changes.

Blocked URLs

  • Pattern: Select URL parameters from the dropdown.

  • URL contains: Block URLs that contain a specific string.

  • URL does not contain: Block URLs that do not contain a specific string.

  • URL does not end with: Block URLs that do not end with a specific string.

  • URL does not start with: Block URLs that do not start with a specific string.

  • URL ends with: Block URLs that end with a specific string.

  • URL is: Block URLs that exactly match a specific string.

  • URL is not: Block URLs that do not exactly match a specific string.

  • URL starts with: Block URLs that start with a specific string.

  • Value: Enter the specific URL or part of a URL that matches the selected pattern.

  • Click Add New URL.

Blocked IPs

Select the IP addresses, ranges, or subnets to block, and then click Save Changes.

Examples:

  • Single IP: 123.123.123.123

  • IP Range: 123.123.123.0-123.123.123.255

  • Subnet: 123.123.123.0/24

Whitelisted IPs

Specify the IP addresses, ranges, or subnets to allow, overriding other blocking rules, then click Save Changes.
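
The check below is an added example, not SiteLock code: it parses the three entry formats listed under Blocked IPs and applies the whitelist-overrides-block precedence stated above to find addresses that would lose access. The function names, the 198.51.100.x and 203.0.113.x addresses, and the `MUST_REACH` list are assumptions made for illustration.

```python
import ipaddress

def parse_entry(entry):
    """Networks covered by one list entry: single IP, start-end range, or CIDR."""
    entry = entry.strip()
    if "-" in entry:
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"bad range: {entry!r}")
        return list(ipaddress.summarize_address_range(start, end))
    # strict=True rejects a subnet with host bits set, such as 123.123.123.5/24
    return [ipaddress.ip_network(entry, strict=True)]

def covers(entries, ip):
    """True if any entry in the list contains the address."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for e in entries for net in parse_entry(e))

def decision(ip, blocked, whitelisted):
    """Whitelisted entries are checked first because, per the page, they
    override other blocking rules."""
    if covers(whitelisted, ip):
        return "whitelisted"
    return "blocked" if covers(blocked, ip) else "not-listed"

def locked_out(must_reach, blocked, whitelisted):
    """Addresses that have to keep access but would be blocked as configured."""
    return [ip for ip in must_reach if decision(ip, blocked, whitelisted) == "blocked"]

# The first three entries are the page's own format examples; the rest is constructed.
BLOCKED = [
    "123.123.123.123",
    "123.123.123.0-123.123.123.255",
    "123.123.123.0/24",
    "198.51.100.0-198.51.100.127",
]
WHITELISTED = ["198.51.100.10"]
# Hypothetical admin and monitoring addresses that must keep access.
MUST_REACH = ["198.51.100.10", "198.51.100.20", "203.0.113.5"]

if __name__ == "__main__":
    for ip in MUST_REACH:
        print(ip, decision(ip, BLOCKED, WHITELISTED))
    print("would be locked out:", locked_out(MUST_REACH, BLOCKED, WHITELISTED))
```

Running it against the lists before clicking Save Changes shows which required addresses sit inside a blocked range without a matching whitelist entry.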

Responsive Settings

In this section you can customize exceptions to the Firewall. For each category of threat, select the specific rules and exceptions to the rules. When you have selected the variables for that rule, click Add.

Responsive Settings
Field Action

Threat

Malicious Script Access Attempts:

  • Quarantine the script: Isolate the script to prevent it from executing.

  • Only track and report attempts: Monitor and log the attempts without taking any action.

  • Allow all bot visits: Permit all bots to access the server.

Bad or Suspended Bots:

  • Block bad bots, challenge suspected bots: Block known bad bots and display a CAPTCHA challenge to suspected bots.

  • Challenge all bad and suspected bots: Display a CAPTCHA challenge to both bad and suspected bots.

  • Block bad bots: Block access for known bad bots.

  • Allow all bot visits: Permit all bots to access the server.

Attempts, Cross-Site Scripting Attempts, Illegal Resource Access Attempts, Remote File Inclusions, SQL Injection:

  • Block just the attack: Block the specific attack attempt.

  • Block the attack, and all future visits by the same user agent: Block the attack and prevent future visits from the same user agent.

  • Block the attack, and all future visits from the same IP: Block the attack and prevent future visits from the same IP address.

  • Allow all bot visits: Permit all bots to access the server.

  • Only track and report attempts: Monitor and log the attempts without taking any action.

Performance

In this section you can configure caching and content delivery to improve website performance.

Performance
Field Action

Purge Cache

  • Purge all cache: Clears all cached content, which can be useful if significant changes to the site have been made and the user wants to ensure visitors see the latest version.

  • Purge specific resource: Clears cache for specific files, allowing the user to update individual elements without affecting the entire site.

Advanced Caching

  • Always cache URLs: Cache specified URLs to improve load times. This is useful for static content that doesn’t change often.

  • Never cache URLs: Exclude specified URLs from being cached. This is useful for dynamic content that changes frequently.

Pattern

Select the pattern for the URL - applicable to both always cache URLs and never cache URLs.

  • Options:

    • URL contains: Cache or exclude URLs that contain a specific string.

    • URL does not contain: Cache or exclude URLs that do not contain a specific string.

    • URL does not end with: Cache or exclude URLs that do not end with a specific string.

    • URL does not start with: Cache or exclude URLs that do not start with a specific string.

    • URL ends with: Cache or exclude URLs that end with a specific string.

    • URL is: Cache or exclude URLs that exactly match a specific string.

    • URL is not: Cache or exclude URLs that do not exactly match a specific string.

    • URL starts with: Cache or exclude URLs that start with a specific string.

TTL Unit

Select the time-to-live unit for caching.

  • Options:

    • Seconds

    • Minutes

    • Hours

    • Days

    • Weeks

Cache Mode

  • Options:

    • Cache static and dynamic content: Cache both static (e.g., images, CSS) and dynamic content (e.g., HTML generated by a server).

    • Cache static content only: Cache only static content, which is less likely to change frequently.

    • Disable caching: Turn off caching entirely, which might be useful during development or troubleshooting.

Content Delivery Network (CDN)

Configure settings for content delivery to improve load times by serving content from servers closer to the visitor.

Auto Minify

Minify specific types of resources to reduce file size and improve load times.

  • Minify JavaScript: Remove unnecessary characters from JavaScript files.

  • Minify CSS: Remove unnecessary characters from CSS files.

  • Minify static HTML: Remove unnecessary characters from HTML files.

Image Compression

Options for compressing images to reduce file size and improve load times.

  • Compress PNG: Reduce the size of PNG images.

  • Compress JPEG: Reduce the size of JPEG images.

    • Aggressive compression: Apply more aggressive compression techniques to further reduce image size, potentially at the cost of some quality.

    • Progressive image rendering: Load images progressively, which can improve the perceived load time as images appear to load faster.

  • On the fly compression: Text files (JS, CSS, HTML) are gzipped before being transferred to reduce loading times.

Other Settings

  • TCP pre-pooling: Establish TCP connections in advance to reduce latency.

  • Comply with no-cache and max-age directives in client requests: Respect caching directives specified by the client.

  • Comply with Vary User-Agent: Cache different versions of content based on the user-agent header.

  • Use shortest caching duration in case of conflict: Select the shortest caching duration when there are conflicting cache settings.

  • Prefer last modified over ETag: Select the last modified header instead of ETag for cache validation.

  • Disable client-side caching: Prevent the client from caching content locally.

  • Also cache 3xx responses: Cache 301, 302, 303, 307 and 308 response headers containing the target URI. 3xx caching can only be triggered through HTTP response headers or caching rules.

Authentication

In this section you can add an additional layer of security to specific pages or URLs, such as a WordPress admin page.

Authentication
Field Action

Users

Define which users should have access to protected pages. Users defined here will be able to authenticate on the pages below by entering a code that is emailed or texted to the provided contacts.

  • Name: Enter the full name of the user.

  • Email Address: Enter a valid email address for the user.

  • Phone Number: Select the country flag drop-down to select the country code and enter a valid phone number.

Pages/URL

Define which pages/URLs should be protected to only allow the above users to access the content.

  • Pattern: Select the pattern for the URL.

    • URL contains: Protect URLs that contain a specific string.

    • URL does not contain: Protect URLs that do not contain a specific string.

    • URL does not end with: Protect URLs that do not end with a specific string.

    • URL does not start with: Protect URLs that do not start with a specific string.

    • URL ends with: Protect URLs that end with a specific string.

    • URL is: Protect URLs that exactly match a specific string.

    • URL is not: Protect URLs that do not exactly match a specific string.

    • URL starts with: Protect URLs that start with a specific string.

  • Value: Enter the specific URL or part of a URL that matches the selected pattern.
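
The same eight patterns drive Blocked URLs, Advanced Caching, and the Authentication Pages/URL list, so one dry run serves all three. This is an added example, not SiteLock code: it assumes a plain, case-sensitive string comparison (the page does not specify one), and the sample paths and function names are constructed.

```python
# Pattern names as they appear in the dropdown. The comparison itself
# (plain, case-sensitive string match) is an assumption of this example.
PATTERNS = {
    "URL contains":            lambda url, v: v in url,
    "URL does not contain":    lambda url, v: v not in url,
    "URL does not end with":   lambda url, v: not url.endswith(v),
    "URL does not start with": lambda url, v: not url.startswith(v),
    "URL ends with":           lambda url, v: url.endswith(v),
    "URL is":                  lambda url, v: url == v,
    "URL is not":              lambda url, v: url != v,
    "URL starts with":         lambda url, v: url.startswith(v),
}

def selected(pattern, value, urls):
    """URLs from the sample that the rule (pattern, value) applies to."""
    match = PATTERNS[pattern]
    return [u for u in urls if match(u, value)]

def review(pattern, value, urls, must_stay_out):
    """Dry-run one rule: what it selects, and which URLs that must never be
    selected (the home page for a block rule, a protected admin page for an
    always-cache rule) it would catch anyway."""
    hit = selected(pattern, value, urls)
    return {"selected": hit, "collateral": [u for u in hit if u in must_stay_out]}

# Constructed sample of paths from a hypothetical WordPress site.
SAMPLE = ["/", "/wp-admin/", "/wp-admin/users.php", "/wp-login.php",
          "/blog/post-1", "/assets/app.js"]

if __name__ == "__main__":
    # Authentication rule: protects the admin area only.
    print(review("URL starts with", "/wp-admin", SAMPLE, set()))
    # Block rule with a negated pattern: selects everything outside /blog,
    # including the home page.
    print(review("URL does not contain", "/blog", SAMPLE, {"/"}))
    # Always-cache rule with a negated pattern: would also cache /wp-admin/.
    print(review("URL does not end with", ".php", SAMPLE, {"/wp-admin/"}))
```

The negated patterns ("does not contain", "does not start with", "does not end with", "is not") select every URL except the few that match the value, so they deserve a dry run against a list of real site paths before the rule is added.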